California hospital paid $17,000 ransom in bitcoins to hackers

Hollywood Presbyterian Medical Center

Ricardo DeAratanha / Los Angeles Times

The Hollywood Presbyterian Medical Center in 2004. The hospital was recently the target of a ransomware extortion plot in which hackers seized control its computer systems and then demanded that directors pay in bitcoin to regain access.

The Hollywood Presbyterian Medical Center in 2004. The hospital was recently the target of a ransomware extortion plot in which hackers seized control its computer systems and then demanded that directors pay in bitcoin to regain access. (Ricardo DeAratanha / Los Angeles Times)

A Los Angeles hospital paid a ransom of about $17,000 to hackers who infiltrated and disabled its computer network because paying was in the best interest of the hospital and the most efficient way to solve the problem, the medical center's chief executive said Wednesday.

Hollywood Presbyterian Medical Center paid the ransom of 40 bitcoins — currently worth $16,664 — after the network infiltration that began Feb. 5, CEO Allen Stefanek said in a statement.

The FBI is investigating the attack, often called "ransomware," in which hackers encrypt a computer network's data to hold it "hostage," providing a digital decryption key to unlock it for a price.

"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," Stefanek said. "In the best interest of restoring normal operations, we did this."

Ransomware attacks can happen to everyone from individuals to large institutions.

The hospital did not say whether anyone had recommended it pay off the hackers.

Computer security experts normally recommend people not pay the ransom, though at times law enforcement agencies suggest they do, said Adam Kujawa, head of malware intelligence for Malwarebytes, a San Jose, Calif.-based company that recently released anti-ransomware software.

It's difficult to know how many victims pay the ransom, because many who do don't reveal it.

"Unfortunately, a lot of companies don't tell anybody if they had fallen victim to ransomware and especially if they have paid the criminals," Kujawa said, "but I know from the experiences I hear about from various industry professionals that it's a pretty common practice to just hand over the cash."

Hollywood Presbyterian Medical Center was the target of a ransomware extortion plot in which hackers seized control of the hospital's computer systems and then demanded that directors pay in bitcoin to regain access, according to law enforcement sources.

Ransomware attacks on business data systems...

(Richard Winton)

Bitcoins, the online currency that is hard to trace, is becoming the preferred way for hackers to collect a ransom, FBI Special Agent Thomas Grasso, who is part of the government's efforts to fight malicious software including ransomware, told The Associated Press last year.

During 2013, the number of attacks each month rose from 100,000 in January to 600,000 in December, according to a 2014 report by Symantec, the maker of antivirus software.

A report from Intel Corp.'s McAfee Labs released in November said the number of ransomware attacks is expected to grow even more in 2016 because of increased sophistication in the software used to do it.

The company estimates that on average, 3 percent of users with infected machines pay a ransom. It's not clear how many of those users were individuals and how many companies. Some ransomware attacks go unreported because the victims don't want it publicized they were hacked.

Workers at Hollywood Presbyterian noticed the network problems on Feb. 5, and it became clear there was a malware infiltration that was disabling the network.

Computer experts and law enforcement were immediately informed, Stefanek said. On Monday, 10 days after the attack, the network was in full operation again, he said.

FBI spokeswoman Laura Eimiller said the agency is investigating the extortion plot, but she could not immediately provide further details.

Neither law enforcement nor the hospital gave any indication of who might have been behind the attack or whether there are any suspects.

Patient care was not affected by the hacking, and there is no evidence any patient data was compromised, Stefanek said.

The 434-bed hospital in the Los Feliz area of Los Angeles was founded in 1924. It was sold to CHA Medical Center of South Korea in 2004. It offers a range of services including emergency care, maternity services, cancer care, physical therapy and specialized operations such as fetal and orthopedic surgeries.